<?php
/*
cmfit
Copyright (C) 2000-2007 Andreas Bengtsson

Email: anteman@users.sourceforge.net

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

// Andreas Bengtsson 2007-04-13
// picsel.php will list and filter files (pictures) that can be selected for display
// in a specific @P[...] tag

require('config.php');
require('functions.php');

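// Remember which file the request asks to delete; the unlink itself happens further
// down, just before the media directory is listed.
// Only a plain string is accepted: a request such as ?dodelete[]=x yields an array,
// which the later basename() call cannot handle.
// NOTE(review): this is a state-changing action driven by a GET parameter, and nothing
// in this file checks a session or an anti-CSRF token. Confirm whether config.php or
// functions.php enforce authentication, and consider a POST with a token instead.
if (isset($_GET['dodelete']) && is_string($_GET['dodelete'])) {
	$fileToDelete = $_GET['dodelete'];
}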

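if(isset($_POST['MAX_FILE_SIZE'])){
	// File upload posted by the form below: validate it, then move it into the media dir.
	// MAX_FILE_SIZE comes from the client, so it is not a trustworthy size limit; the
	// effective cap is whatever the server's upload settings allow.
	// NOTE(review): no authentication check is visible in this file - confirm that
	// config.php or functions.php restrict who may upload.
	echo '<pre>';

	// Extensions accepted for upload. The page selects pictures, so anything else
	// (scripts, .htaccess, ...) is refused. Extend the list if other formats are needed.
	$allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');

	$upload = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;

	if ($upload === null
		|| !is_string($upload['name'])
		|| !isset($upload['error'])
		|| $upload['error'] !== UPLOAD_ERR_OK
	) {
		// Missing field, multi-file array, or an upload PHP itself reported as failed.
		echo "No file was uploaded, or the upload failed.\n";
	}
	else{
		// basename() is what keeps the target inside the media dir. escapeshellcmd() is
		// a shell-escaping helper, not a filename sanitizer; it is kept only so stored
		// names stay the same as those produced by earlier uploads.
		$storedName = escapeshellcmd(basename($upload['name']));
		$uploadfile = $c_mediadir . $storedName;
		$extension = strtolower(pathinfo($storedName, PATHINFO_EXTENSION));

		// The client-chosen name is untrusted, so escape it before echoing it into HTML.
		$storedNameHtml = htmlspecialchars($storedName, ENT_QUOTES);

		if (!in_array($extension, $allowedExtensions, true)) {
			// An extension check does not prove the content is an image; the media
			// directory should also be served with script execution disabled.
			echo "File type not allowed, only ".implode(', ', $allowedExtensions)." can be uploaded.\n";
		}
		elseif (file_exists($uploadfile)) {
			echo "File '".$storedNameHtml.
				"'already exists, please delete the present one first.\n";
		}
		elseif (move_uploaded_file($upload['tmp_name'], $uploadfile)) {
			echo "File is valid, and was successfully uploaded.\n";
		}
		else {
			echo "Possible file upload attack!\n";
		}
	}

	// Always close the <pre>; it used to stay open when the file already existed.
	print "</pre>";
}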
 
?>
<html>
<head>
<SCRIPT TYPE="text/javascript" LANGUAGE="Javascript" SRC="rawurlencode.js"></SCRIPT>
</head>
<body>
<p align="left">
<form enctype="multipart/form-data" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="20000000" />
    Local file: <input name="userfile" type="file" />
    <input type="submit" value="Upload" />
</form>
</p>

<table>
<?php
 // Warn when the configured media location is not a directory. The script carries on
 // regardless; the opendir() call further down reports its own failure.
 $mediaDirIsUsable = is_dir($c_mediadir);
 if ($mediaDirIsUsable === false) {
		echo "Mediadir should be a directory '" . $c_mediadir . "' but is not.";
 }

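	// clean up after delete reload
	// NOTE(review): the delete is triggered by a plain GET link and nothing in this file
	// checks a session or an anti-CSRF token. Confirm whether config.php or functions.php
	// enforce authentication, and consider moving the action to a POST with a token.
	if (isset($fileToDelete) && is_string($fileToDelete)) {
		// basename() drops any directory part, so the target always sits directly
		// inside the media dir, whatever path the request carried.
		$deleteName = basename($fileToDelete);
		$deletePath = $c_mediadir.$deleteName;

		// No shell is involved, so the name is used as-is: shell-escaping it would alter
		// names containing characters such as & or ; and the file would not be found.
		// is_file() skips directories ("." and "..") and names that do not exist, so
		// unlink() is only ever called on an existing regular file.
		if ($deleteName !== '' && is_file($deletePath)) {
			unlink($deletePath);
		}
	}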
	
	
	
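  // List every regular file in the media directory with a thumbnail and a delete link.
  $mhandle = opendir($c_mediadir);
  if ($mhandle === false) {
    echo "Could not open ".$c_mediadir." directory.";
  } else {
    // Compare with false explicitly: an entry literally named "0" is falsy and would
    // otherwise end the listing early.
    while (($mfile = readdir($mhandle)) !== false) {
      $thefile = $c_mediadir.$mfile;
      if ($mfile !== "." && $mfile !== ".." && is_dir($thefile) == false) {

        // File names originate from uploads, so they are untrusted. Escape them for
        // the context they are printed in: HTML text/attributes here, and a JSON
        // string literal (then HTML-escaped) for the inline confirm() call.
        $mfileHtml = htmlspecialchars($mfile, ENT_QUOTES);
        $thefileHtml = htmlspecialchars($thefile, ENT_QUOTES);
        $confirmHtml = htmlspecialchars(
          (string) json_encode('Really delete '.$thefile.' ?'),
          ENT_QUOTES
        );

        // Find out file information. Should probably be cached to gain reasonable performance.

?>

<table cellspacing="2" cellpadding="2" border="0">
<tr>
	<td colspan="2"><?php echo $mfileHtml; ?> asdasdads</td>
</tr>
<tr>
	<td></td>
	<td rowspan="6"><?php echo "<img alt='$thefileHtml' src='$thefileHtml' width=50 height=50 onclick='clickedpic(this.src)'>"; ?></td>
</tr>
<tr>
	<td>Size:</td>
</tr>
<tr>
	<td>Date:</td>
</tr>
<tr>
	<td>Bytes:</td>
</tr>
<tr>
	<td>
	<?php
	// urlencode() output is safe inside the href attribute as it stands.
	echo "<a onclick=\"return confirm(".$confirmHtml.")\" href=\"picsel.php?dodelete=".urlencode($thefile)."\">";
	?>[DELETE]</a></td>
</tr>
</table>
<hr>
<?php
      } // End of the regular-file check
    }
    // Release the directory handle once the listing is done.
    closedir($mhandle);
  }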
  
  
//<img src="loser.jpg" onclick="selectedpic(this.src)" id="fnurp1">
?>
</table>
</body>
</html>

<?php
// Trailing HTML comment emitted after the closing </html> tag.
print '<!-- PICSEL -->';
?>



